Cryptes ransomware – a cryptovirus that holds files hostage and demands payment in Bitcoin for their release

Cryptes ransomware is a dangerous virus that renders all personal files inaccessible

Cryptes ransomware is a file-locking virus that first showed up at the end of July, on July 25th, 2018. As it is a variant of DCRTR ransomware, it uses a combination of AES, SHA,[1] and RSA to lock up files and appends the .cryptes extension. As soon as the encryption process is finished, the HOW TO DECRYPT ALL MY FILES.txt ransom note is downloaded to the victims' computers and placed into each of the affected folders. Users can view the file and see that hackers demand an unknown amount of Bitcoin to be paid for data release. To find out the price and receive further instructions, users need to contact Cryptes ransomware authors via dekode@qq.com.

Cryptes ransomware typically infiltrates users' machines when they are not careful enough while surfing the internet or opening emails from unknown sources. Hackers often use phishing emails and high-risk websites (such as file-sharing and torrent sites) to make sure that the virus gets distributed. Thus, if you do not take high risks, you will never have to worry about Cryptes ransomware removal.

As soon as the malicious payload of Cryptes is executed, the malware modifies the system's settings and starts a scan. It looks for data to encrypt and skips system files, executables, and a few other files. Hackers do not want to destroy your computer; they just want to extort money. That is why the virus skips system files – the machine needs to operate correctly.

However, every personal file (.jpg, .doc, .dat, .img, .pdf, etc.) is systematically locked and the .cryptes extension is added. From that point, users cannot access their files anymore. Note that the data is not corrupted in any way; it simply requires a decryption key, which is stored on a Command and Control server that only malware authors have access to.

Users are informed of what happened in a ransom note, HOW TO DECRYPT ALL MY FILES.txt, which becomes available for victims to view. It is unknown what amount Cryptes ransomware authors want, but they most certainly want Bitcoins – a digital currency. This way, they can stay anonymous during the transaction, as a personal bank account is easily traceable. Although Bitcoin wallets are pseudonymous rather than anonymous, cybercrooks manage to bypass traceability by using various tools, such as VPNs and proxies.[2]
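
The two indicators described above (the .cryptes extension and the HOW TO DECRYPT ALL MY FILES.txt note placed in affected folders) are enough to scope the damage before restoring from backups. The following is an added example, not code from the original article; the function names and the case-insensitive matching are assumptions made for illustration.

```python
"""Triage helper: list folders and files showing the Cryptes indicators."""
import os
import sys
from collections import defaultdict

ENCRYPTED_SUFFIX = ".cryptes"                    # extension appended to locked files
RANSOM_NOTE = "HOW TO DECRYPT ALL MY FILES.txt"  # note placed in affected folders


def scan_tree(root):
    """Walk root and return {folder: {"encrypted": [...], "note": bool}}.

    "encrypted" holds the original file names (suffix stripped) so the list
    can be compared with a backup catalogue. Matching is case-insensitive
    (assumption: the scan targets a Windows file system).
    """
    report = defaultdict(lambda: {"encrypted": [], "note": False})
    for folder, _dirs, files in os.walk(root, followlinks=False):
        for name in files:
            lower = name.lower()
            if lower == RANSOM_NOTE.lower():
                report[folder]["note"] = True
            elif lower.endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                report[folder]["encrypted"].append(name[: -len(ENCRYPTED_SUFFIX)])
    # Entries are created only on a match, so every key is an affected folder.
    return dict(report)


def summarize(report):
    """Return (affected_folders, encrypted_files, folders_with_note_only)."""
    total = sum(len(r["encrypted"]) for r in report.values())
    note_only = sorted(f for f, r in report.items() if r["note"] and not r["encrypted"])
    return len(report), total, note_only


if __name__ == "__main__":
    # Usage: python scan_cryptes.py <directory>   (defaults to the current one)
    result = scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".")
    folders, files, note_only = summarize(result)
    print(f"{folders} affected folder(s), {files} encrypted file(s)")
    for folder, r in sorted(result.items()):
        flag = "note present" if r["note"] else "no note"
        print(f"{folder}: {len(r['encrypted'])} file(s), {flag}")
    for folder in note_only:
        print(f"note without encrypted files (check manually): {folder}")
```

Run it against a mounted copy of the affected drive from a clean machine, and use the per-folder file names to decide which backup sets need to be restored.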

Here's the fragment from the ransom note:

All your files have been encrypted!
All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail: dekode@qq.com
In case of no answer in 24 hours write us to theese e-mails: supdecrypt@foxmail.com or supportdecryption@cock.li
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files.
Free decryption as guarantee

As "proof", cybercriminals promise to decrypt five files (up to 10MB) for free. Ironically, they even warn victims of being scammed by other parties.

However, it is unwise to contact crooks, as these people cannot be trusted. Just think about it – if they managed to lock up your files to gain illegal profit, what stops them from taking your money and never replying? Besides, if you do contact them and receive the Cryptes decryptor, you are highly likely to be a target for future attacks.

Therefore, do not give in to the hackers' threats and remove Cryptes ransomware from your computer. To ensure proper elimination, use Reimage, Plumbytes Anti-Malware or Norton Internet Security. Only then can you proceed with the file recovery procedure (note that an official decryptor for Cryptes ransomware does not exist yet, but you can get your data back from backups or by using third-party software).

People usually do not pay attention to dangers until the unfortunate events happen to them. That is precisely how it works with malware as well. Users are careless and tend to avoid anti-malware software due to costs or pure laziness. However, keep in mind that once files are encrypted by ransomware, the chance of getting them back is quite low, unless the official decryption tool is released (in some cases it might take researchers years to develop one).

To avoid such a scenario, make sure you follow these simple rules:

Spam emails are the most prominent malware distribution method. Therefore, think twice before viewing every email that comes your way. If needed, scan the attachment with anti-malware software and always hover over hyperlinks that might be present inside;

Employ reputable security tools. These applications are necessary for every computer user who uses the internet. An anti-virus program's database is continually updated, so malware can be blocked before it enters the machine;

Avoid malicious websites. Users can certainly be redirected to suspicious websites, but they should never click on links or pop-ups that appear there. Additionally, downloading executables (keygens, cracks) or cracked software from dubious file-sharing sites can lead to ransomware infection;

Back up your files. If you have that step complete, you do not need to worry about anything. However, make sure that you do not connect your external device to the infected computer, as all backup data will be encrypted as well.

Get rid of Cryptes ransomware by using powerful security tools

Cryptes ransomware removal should not be executed manually, as experts[3] note. This procedure is complicated and should only be practiced by trained IT professionals. If you proceed with it, you might damage your system files beyond repair. Therefore, leave the job to anti-malware software instead. Before performing the scan, make sure that the latest virus database is being used.

In some cases, the malware might block the correct operation of the security suite. In such a case, enter Safe Mode with Networking as explained below. As soon as you remove the Cryptes virus, you can proceed with file recovery – you can find instructions below. Nevertheless, if you do not possess a backup, the chance of retrieving data is quite low.


Log in to your infected account and start the browser. Download Reimage or another legitimate anti-spyware program. Update it before running a full system scan, then remove the malicious files that belong to the ransomware to complete Cryptes removal.

If your ransomware is blocking Safe Mode with Networking, try the next method.

When a new window shows up, click Next and select a restore point that is prior to the infiltration of Cryptes. After doing that, click Next.

Now click Yes to start system restore.

Once you restore your system to a previous date, download and scan your computer with Reimage and make sure that Cryptes removal is performed successfully.

Bonus: Recover your data

The guide presented above is supposed to help you remove Cryptes from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.

Although crooks might ask as little as $25 for file recovery, it is not worth taking the risk. By contacting them, you put yourself in danger of other malware infections (it is not unheard of for crooks to send fake decryptors that are malicious) and might lose the money as well. Thus, try alternative data recovery methods instead.

If your files are encrypted by Cryptes, you can use several methods to restore them: